module.exports = () => {
	// 返回中间件函数
	return async function permission(app, next) {
		const {$dx} = app;
		if (!$dx.auth || !$dx.auth.role.includes('admin') && !$dx.auth.permission.includes($dx.request.pathinfo())) {
			$dx.throw('FORBIDDEN:禁止访问', null, 1000);
		}
		await next() // 执行后续中间件
	}
}
